author | Jeremy Benoist <jeremy.benoist@gmail.com> | 2019-01-09 23:29:30 +0100 |
---|---|---|
committer | Jeremy Benoist <jeremy.benoist@gmail.com> | 2019-01-09 23:31:14 +0100 |
commit | 3a2d4cf9fda87760c86320a7f8a5041d1d4256c6 (patch) | |
tree | e21e28b440f9318cd3fbb91043e40e0d725bbc5c | |
parent | 4d0c632c70ea50d459c3c55ddda2e0f394dd51cb (diff) | |
Cast client id to avoid PG error
If someone sends a malformed client_id when trying to authenticate using the API, we got a 500 if wallabag uses postgres, because the request sent a string instead of an integer.
-rw-r--r-- | src/Wallabag/ApiBundle/Entity/Client.php | 2 | ||||
-rw-r--r-- | src/Wallabag/ApiBundle/Repository/ClientRepository.php | 19 | ||||
-rw-r--r-- | tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php | 14 |
3 files changed, 34 insertions, 1 deletions
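--- a/src/Wallabag/ApiBundle/Entity/Client.php
+++ b/src/Wallabag/ApiBundle/Entity/Client.php
@@ -11,7 +11,7 @@ use Wallabag\UserBundle\Entity\User;
 
 /**
 * @ORM\Table("oauth2_clients")
-* @ORM\Entity
+* @ORM\Entity(repositoryClass="Wallabag\ApiBundle\Repository\ClientRepository")
 */
 class Client extends BaseClient
 {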
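--- /dev/null
+++ b/src/Wallabag/ApiBundle/Repository/ClientRepository.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace Wallabag\ApiBundle\Repository;
+
+use Doctrine\ORM\EntityRepository;
+
+class ClientRepository extends EntityRepository
+{
+public function findOneBy(array $criteria, array $orderBy = null)
+{
+if (!empty($criteria['id'])) {
+// cast client id to be an integer to avoid postgres error:
+// "invalid input syntax for integer"
+$criteria['id'] = (int) $criteria['id'];
+}
+
+return parent::findOneBy($criteria, $orderBy);
+}
+}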
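Review bot: The `(int)` cast in `findOneBy` converts instead of validating, so a `client_id` with a numeric prefix such as `12abc` is looked up as client 12 rather than rejected, and an array passed as `id` would become 1. Nothing in this hunk shows what else is checked before a token is issued, so treat this as loose identifier matching that should be made exact rather than as a proven bypass. Parse the value strictly and return `null` for anything that is not a canonical positive integer, as in the excerpt below; the lookup then misses without touching the database. A digit string above the column's integer range would presumably still reach Postgres and fail the same way, so consider a `max_range` matching the column type.

```php
public function findOneBy(array $criteria, array $orderBy = null)
{
    // non-scalar criteria are left untouched instead of being cast
    if (isset($criteria['id']) && is_scalar($criteria['id'])) {
        // accept only a canonical integer: "12abc" must not resolve to client 12
        $id = filter_var($criteria['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if (false === $id) {
            // malformed id: no client can match, and the query is never sent
            return null;
        }
        $criteria['id'] = $id;
    }

    return parent::findOneBy($criteria, $orderBy);
}
```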
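--- a/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php
+++ b/tests/Wallabag/ApiBundle/Controller/DeveloperControllerTest.php
@@ -56,6 +56,20 @@ class DeveloperControllerTest extends WallabagCoreTestCase
 $this->assertArrayHasKey('refresh_token', $data);
 }
 
+public function testCreateTokenWithBadClientId()
+{
+$client = $this->getClient();
+$client->request('POST', '/oauth/v2/token', [
+'grant_type' => 'password',
+'client_id' => '$WALLABAG_CLIENT_ID',
+'client_secret' => 'secret',
+'username' => 'admin',
+'password' => 'mypassword',
+]);
+
+$this->assertSame(400, $client->getResponse()->getStatusCode());
+}
+
 public function testListingClient()
 {
 $this->logInAs('admin');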
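Review bot: `testCreateTokenWithBadClientId` exercises only one malformed shape, a fully non-numeric string, so it says nothing about partially numeric values such as `'12abc'` or about digit strings beyond the integer range. Feeding several malformed values into the same request through a provider, for example `* @dataProvider malformedClientIds` on the test method, would pin the behaviour this commit is after. It would also help to assert the error code in the response body and not only the 400 status, so the test fails if the 400 starts coming from a different check; the exact field name is not visible here and should be confirmed against the token endpoint's response. `testListingClient` continues outside the hunk.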